After Affects of Worm - Techist - Tech Forum

Go Back   Techist - Tech Forum > Computer Software > Microsoft Windows and Software
Click Here to Login
Closed Thread
 
Thread Tools Display Modes
 
Old 01-02-2003, 02:49 PM   #1 (permalink)
Wizard Techie
 
Dave's Avatar
 
Join Date: Mar 2002
Location: "Almost Heaven" USA
Posts: 4,866
Send a message via AIM to Dave Send a message via Yahoo to Dave
Default After Affects of Worm

I got the worm W32.Yaha.K@mm, but it is now quarantined/deleted (not without damage).

Background
I was reading my Hotmail. I deleted the email that I was reading and Hotmail automatically opened the next email which contained the worm. McAfee, used by Hotmail, did not stop the worm, but my Norton did stop it from sending any emails. However, since it came through Hotmail, it did not stop it from damaging files.

Actions
Norton kept the worm from using my address book to send out emails, but it did not keep it from doing other harm. I ran all the disk doctors, file clean-ups, etc., that was recommended by Norton and others. It deleted the threat of the worm.

Problems
I have several problems now, most of it being that none of the shortcuts work, and neither do the menus. I can start IE or OE by using the RUN feature of Windows and typing in the command line, like "C:\Program Files\Outlook Express\Msimn.exe".

I need to get everything back in shape and I'm open for suggestions on how to do that. Please put in technologically impaired language!

Questions:[list=1][*]I have Windows XP Pro, would this be a good time to load it? Would this bring back the functionality of the desktop shortcuts and the programs that I use?[*]Is there a fast and fairly easy way to get all shortcuts working?[*]Is there a fast and fairly easy way to get the menus working?[*]When checking the properties of shortcuts and menu items, the Start In field is blank? How do I find out what goes in each field?[*]I get the following message when trying to look at some properties: Access to the specified device, path, or file is denied. How do I get take care of that?[/list=1]
Sorry for the long post. I'm hoping that someone can help me get my pc back in shape (without going to someone that will charge me lots of money).

Thanks for any help.

Struggling Dave
__________________

Dave is offline  
Old 01-02-2003, 03:05 PM   #2 (permalink)
<a href="http://www.tech-forums.net/pc/f109/folding-home-guide-223396/" target="_blank"><img src="http://img190.imageshack.us/img190/4127/110ad0n.png" /></a>
 
Join Date: Nov 2002
Posts: 1,765
Send a message via ICQ to Ecniv Send a message via AIM to Ecniv Send a message via Yahoo to Ecniv
Default

I would say that if you are SURE the system is no longer infected then yea, go ahead and upgrade to xp. Manually recreating the shortcuts, etc.. will take way too long.
__________________

__________________
\"Only two things are infinite, the universe and human stupidity, and I\'m not sure about the former.\"- Albert Einstein (1879-1955)

Ecniv is offline  
Old 01-02-2003, 03:35 PM   #3 (permalink)
Monster Techie
 
Join Date: Nov 2002
Posts: 1,364
Send a message via AIM to shan
Default

Yea, loading up XP would probably automatically re-configure some of the built in windows features. IE, Outlook, Win Media Player and all that other fun stuff. But programs that you haveinstalled something like ad-aware, Visual Basic and other things that might have been re-routed are probablly gonna have to be done manually
__________________
<center><h2><font color=\"red\">C:\\ Is the root of all evil</font></h2>
<hr width=\"50%\">
phiber@sysdum.com
spam this account, it's fun.
shan is offline  
Old 01-02-2003, 07:59 PM   #4 (permalink)
Junior Techie
 
Join Date: Dec 2002
Posts: 68
Default try this if you haven't already run XP install.

The malware of yaha actually connects to the items on your desktop and launches itself each time you double-click one of these instead of the intended purpose. You can disable this feature of the worm by:

Download this file and rename it exe fix.reg Then run it to correct your registry to the proper settings.
__________________
Brahm -- nothing fancy
brahm is offline  
Old 01-03-2003, 12:45 PM   #5 (permalink)
Wizard Techie
 
Dave's Avatar
 
Join Date: Mar 2002
Location: "Almost Heaven" USA
Posts: 4,866
Send a message via AIM to Dave Send a message via Yahoo to Dave
Default

Thanks for the suggestions.

I'm kinda' chicken now to try a download. I'll probably try the XP Pro install, but can you tell me where you got the download to fix the registry? Thanks.

Dave is offline  
Old 01-03-2003, 12:59 PM   #6 (permalink)
Junior Techie
 
Join Date: Dec 2002
Posts: 68
Default Yep

Well, it wont hurt to download it from here, but I exported the file from my own registry. It has the proper registry settings for exefiles regardless of Windows OS, which the virus changes:

HKEY_CLASSES_ROOT\exefile\shell\open\command
The entry should be: "%1\" %*"
As oppossed to the file name that the virus is using to propagate itself.
__________________
Brahm -- nothing fancy
brahm is offline  
Old 01-03-2003, 02:22 PM   #7 (permalink)
Wizard Techie
 
Dave's Avatar
 
Join Date: Mar 2002
Location: "Almost Heaven" USA
Posts: 4,866
Send a message via AIM to Dave Send a message via Yahoo to Dave
Default Re: Yep

Quote:
Originally posted by brahm
HKEY_CLASSES_ROOT\exefile\shell\open\command
The entry should be: "%1\" %*"
As oppossed to the file name that the virus is using to propagate itself.
The entry in mine is "". There's nothing between the quotes.

I tried your suggestion. It said:

Can not import C:\WINDOWS\DESKTOP\EXEFIX~1.REG: The specified file is not a registry script. You can import only registry scripts.

I also put in the Window XP Pro cd to install. It comes up on the screen with the options, but nothing happens when I try to install.

I have also been starting programs by typing in their command line in the RUN line, but NOW that is not working. It says:

This file does not have a program associated with it....

Any ideas!

Dave is offline  
Old 01-03-2003, 04:53 PM   #8 (permalink)
Junior Techie
 
Join Date: Dec 2002
Posts: 68
Default yep

Yes, change that registry setting from "" to "%1\" %*"
__________________
Brahm -- nothing fancy
brahm is offline  
Old 01-03-2003, 09:17 PM   #9 (permalink)
Wizard Techie
 
Dave's Avatar
 
Join Date: Mar 2002
Location: "Almost Heaven" USA
Posts: 4,866
Send a message via AIM to Dave Send a message via Yahoo to Dave
Default Re: yep

Quote:
Originally posted by brahm
Yes, change that registry setting from "" to "%1\" %*"
Changed the registry setting as shown, but no go on anything yet.

Getting an error message with everything (no associated program).

Dave is offline  
Old 01-04-2003, 01:28 PM   #10 (permalink)
Junior Techie
 
Join Date: Jan 2003
Posts: 78
Default Programs that will aid in deleting pest in the computer

I use two programs that help me aid also with spyware and adware on the computer.

If you have gator, get rid of it, spyware all together.

www.pestpatrol.com

&

http://download.com.com/3120-20-0.ht...are&tg=dl-2001

are two I use. I also make sure I don't open any email just for the hell of it.

P.s these programs will not solve all viruses/worms.
it really deletes pests like cookies/spyware/adware some codes that are on the computer and deletes them also from the Registory editor.

Hope this helps some find out that their being spyed on.
__________________

Nightman is offline  
Closed Thread

Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Trackbacks are On
Pingbacks are On
Refbacks are Off




Copyright 2002- Social Knowledge, LLC All Rights Reserved.

All times are GMT -5. The time now is 05:59 PM.


Powered by vBulletin® Version 3.8.8 Beta 1
Copyright ©2000 - 2017, vBulletin Solutions, Inc.